Preflight Checklist
Version
2.38.0
Storage Type
etcd
Installation Type
Official Helm chart
Expected Behavior
When performing a tokenExchange, Dex will reuse the tokenType set in subject_token_type for requesting the userInfo from the upstream IdP (https://github.com/dexidp/dex/blob/master/connector/oidc/oidc.go#L436).
This will lead to errors as neither urn:ietf:params:oauth:token-type:access_token nor urn:ietf:params:oauth:token-type:id_token are valid token types for the oidc /userinfo endpoint as per RFC6750.
Actual Behavior
Dex follows the oidc spec and uses Bearer as token type for /userinfo requests.
https://openid.net/specs/openid-connect-core-1_0.html#UserInfo (5.3.1)
The Access Token obtained from an OpenID Connect Authentication Request MUST be sent as a Bearer Token, per Section 2 of OAuth 2.0 Bearer Token Usage [RFC6750].
Steps To Reproduce
No response
Additional Information
No response
Configuration
No response
Logs
No response
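An added example (not from the issue and not Dex's code) showing why the Authorization scheme matters here: a hypothetical /userinfo handler that enforces the RFC 6750 Bearer scheme answers 401 when the scheme is one of the subject_token_type URNs. The handler, helper names and token value are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Constructed sample value, not a real credential.
const sampleAccessToken = "constructed-access-token"

// Token type URNs quoted in the issue (subject_token_type values, RFC 8693).
const (
	typeAccessToken = "urn:ietf:params:oauth:token-type:access_token"
	typeIDToken     = "urn:ietf:params:oauth:token-type:id_token"
)

// userInfoHandler is a hypothetical upstream /userinfo endpoint that accepts
// only the RFC 6750 "Bearer" authorization scheme.
func userInfoHandler(w http.ResponseWriter, r *http.Request) {
	scheme, token, ok := strings.Cut(r.Header.Get("Authorization"), " ")
	if !ok || !strings.EqualFold(scheme, "Bearer") || token != sampleAccessToken {
		w.Header().Set("WWW-Authenticate", "Bearer")
		w.WriteHeader(http.StatusUnauthorized)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	fmt.Fprint(w, `{"sub":"constructed-subject"}`)
}

// statusFor sends a UserInfo request whose Authorization header is
// "<scheme> <token>" and returns the HTTP status the endpoint answers with.
func statusFor(scheme string) int {
	req := httptest.NewRequest(http.MethodGet, "/userinfo", nil)
	req.Header.Set("Authorization", scheme+" "+sampleAccessToken)
	rec := httptest.NewRecorder()
	userInfoHandler(rec, req)
	return rec.Code
}

func main() {
	// Same token each time; only the scheme in the header changes.
	for _, scheme := range []string{"Bearer", typeAccessToken, typeIDToken} {
		fmt.Printf("%-50s -> %d\n", scheme, statusFor(scheme))
	}
}
```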